The cost of a data breach is not limited to regulatory fines; it extends to more significant losses to the business and even hampers customer trust.
Security incidents and data breaches are becoming increasingly costly. Some recent examples include the $53 million cost to the Canadian lender Desjardins Group in the wake of a breach that exposed PI of 2.9 million members. Manufacturer Norsk Hydro also revealed that the final bill for its cyber attack could be as high as $75 million. Marriott and British Airways have had to add $100 million into the final cost of the incidents after falling foul of GDPR.
While these are high-profile examples at the extreme end of the scale, the financial impact of suffering a data breach continues to increase for companies of all sizes. A report by IBM and the Ponemon Institute states that the average cost of a data breach in 2019 is $3.92 million.
By 2021, almost 30% of organizations globally are likely to suffer at least one breach. The highest cost is faced by US organizations with an average of $8.19 million per breach, while in the UK it costs $3.88 million per breach. Each record costs $150 on average globally; $242 in the US and $155 in the UK. This final cost per record is affected by factors relating to the preparedness of an organization and its reaction to the breach. As customers become less accepting of security failures, a breach is likely to create a customer turnover of 3.4%.
During a breach, time is money, and slow detection and containment can make a breach more costly. Globally, South African (226 days) and German (170 days) organizations are quickest at finding and containing breaches, and companies in Brazil (361 days) and the Middle East (381 days) take the longest. Among the sectors, healthcare, entertainment, and public sector organizations take the longest time to find and contain a breach. The financial services, research, and technology sectors are the quickest at discovery and remediation.
With the introduction of GDPR and many more laws appearing across the globe, compliance is becoming an essential part of the cost of a breach. The U.S. alone has 52 different state privacy laws. Experts believe that when these breaches occur, companies very often do not have in-house experts in each of these laws. Hiring and outsourcing security experts is expensive, and companies that are not willing to pay for the expertise suffer the regulatory fines, which are becoming increasingly steep.
The best way to keep data breach costs low is to be prepared for eventualities. Experts believe that a lot more is needed than a paper that says, ‘Here are the contact details for the security team.’ There is a need to rehearse multiple scenarios in an immersive environment, test plans, identify gaps, and then contain them.
Another crucial part is the public response. Companies cannot afford to lose customer trust, as losing it ultimately leads to a business loss and can increase the overall cost of the breach. According to experts, effectively getting messaging out to clients or consumers about what’s going on can be an opportunity to build a lot of goodwill. When handled correctly, it can build confidence in customers, but it requires preparation and training in advance.